9월 20, 2023
SentinelOne Demo: SentinelOne VS Inc. Ransomware – Detection and Mitigation
In this video demonstration, we show how the SentinelOne Singularity XDR Platform protects against Inc. ransomware.
Inc. ransomware is a ransomware extortion operation that emerged in July of 2023. Its operators position themselves as a service to their victims. Victims can then pay the ransom to ‘save their reputation’ though the threat actors indicate their intention to reveal their methods, making the victim’s environment ‘more secure’ as a result. Inc. ransomware is a multi-extortion operation, stealing victim data and threatening to leak said data online should the victim fail to comply with their demands.
Inc. ransomware operators target multiple industries with little to no discrimination. This includes attacks on healthcare, education, and government entities. As of this writing, there are seven victims listed on the Inc. ransomware TOR-based blog; two of which are in the healthcare industry. Targets in the technology industry are listed as well.
Initial access can vary. Observed methods include spear-phishing email as well as targeting of vulnerable services. This includes the exploitation of CVE-2023-3519 in Citrix NetScaler.
Inc. ransomware ransom notes are written to each folder containing encrypted items. Copies of the ransom notes are written in both .TXT and .HTML format as “INC-README.TXT” and “INC-README.HTML”, respectively. The payloads will also attempt to output the HTML-formatted note to any connected and accessible printers or fax machines.
The SentinelOne Singularity XDR Platform can identify and stop any malicious activities and items related to Inc. ransomware.
관련 리소스
데이터시트
Singularity™ Complete AI 지원 엔드포인트와 클라우드 보안
점점 더 복잡해지는 보안 아키텍처와 데이터 소스, 제한된 리소스, 더욱 정교해지는 공격에 직면한 보안 팀은 AI 지원 공격 세례에 대비하느라…
지금 읽기
Resource
SentinelOne PartnerOne - America's 2025
⛳️ Last week in Pebble Beach the America's best cybersecurity partners came together for our annual PartnerOne summit. Check out…
View Asset